KWord

The word processor KWord, distributed with KDE's KOffice suite, is
vulnerable to a buffer-overflow attack when the victim opens a carefully
crafted RTF file. Opening such a file would cause arbitrary code to be
executed with the permissions of the victim.

All users of KWord should avoid opening RTF-formatted files from untrusted
sources until they have updated KWord. Packages have been released for Mandriva
Linux 10.2 and 2006.0, Ubuntu 5.04, and Gentoo Linux.

SPE under Gentoo

SPE, a multi-platform integrated development environment for Python, was accidentally
packaged under Gentoo Linux with all of its files world-writable. With
the file permissions set to world-writable, a local attacker can replace SPE's
program files with executables of his own choosing. When the victim starts SPE, these
replaced files would execute arbitrary code with the victim's permissions.

Affected users should upgrade as soon as possible to a repaired SPE package.
Repaired packages have been released for Mandriva Linux and Ubuntu 4.10, 5.04,
and 5.10.
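A quick audit for the packaging defect described above, written as an added example rather than anything from the advisory or the SPE and Gentoo projects: it lists every file or directory under an install prefix that any local user could modify, and can strip the "other" write bit again. The prefix is whatever directory SPE (or any suspect package) was installed into; the path in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example: audit an install tree for world-writable files.
# Usage (assumed path): find_world_writable /usr/lib/python2.4/site-packages/_spe

# Print every regular file or directory under $1 whose "other" write bit (002) is set.
# Symbolic links are skipped: on Linux their mode is always 0777, and what matters is
# the link target, which find visits on its own.
find_world_writable() {
    find "$1" ! -type l -perm -002 -print 2>/dev/null | sort
}

# Return 0 when the tree is clean, 1 when anything in it is world-writable,
# so the check can drive a package-verification script.
check_install_tree() {
    n=$(find_world_writable "$1" | wc -l | tr -d ' ')
    [ "$n" -eq 0 ]
}

# Remove the "other" write bit from everything the check would flag (run as root
# on a real install prefix).
fix_world_writable() {
    find "$1" ! -type l -perm -002 -exec chmod o-w {} +
}
```

The check looks only at mode bits, so it is the same whether it runs as root or as an ordinary user; on a packaged system the distribution's own verification tool (for example the package manager's file-check mode) is the authoritative source, and this script is the portable fallback.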

wget

wget is a command-line utility used to retrieve files using the HTTP, HTTPS,
and FTP protocols. Some versions of wget are reported to be vulnerable to a
buffer overflow when connecting to a remote server using NTLM authentication.
This vulnerability is reported to affect some versions of wget earlier than
version 1.10.2.

Affected users should watch their vendors for a repaired version of wget or
upgrade to version 1.10.2.

BrightStor, eTrust, and Unicenter

The Computer Associates iGateway component is distributed with multiple product
lines, including BrightStor, eTrust, and Unicenter. If the iGateway component
is configured in diagnostic tracing mode, it is vulnerable to a buffer overflow
that may result in a denial of service or the execution of arbitrary code.
Versions of iGateway earlier than version 4.0.050615 are reported to be vulnerable.

All users of affected CA products should ensure that the iGateway component
is not running in diagnostic tracing mode by setting the "<Debug>" parameter
to false in the igateway.conf file. Users should then upgrade to version
4.0.050615 or newer.
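The following is an added example, not CA's own tooling, for checking and correcting the setting named above. It assumes igateway.conf carries the parameter as an XML-style element, <Debug>true</Debug> or <Debug>false</Debug>; the sample file used to exercise it is constructed for the demonstration, not taken from a real installation.

```shell
#!/bin/sh
# Added example: audit and correct the Debug setting in igateway.conf.
# Assumed format: <Debug>true</Debug> / <Debug>false</Debug> (case-insensitive).

# Return 0 if the Debug element is set to true (diagnostic tracing on, the
# vulnerable configuration), 1 otherwise. Surrounding whitespace is tolerated.
igateway_debug_enabled() {
    grep -iq '<Debug>[[:space:]]*true[[:space:]]*</Debug>' "$1"
}

# Rewrite the element to false in place, keeping the original as <file>.bak.
# Character classes are used instead of sed's GNU-only "I" flag so this also
# works with BSD sed.
igateway_disable_debug() {
    sed -i.bak \
        's#<[Dd][Ee][Bb][Uu][Gg]>[[:space:]]*[Tt][Rr][Uu][Ee][[:space:]]*</[Dd][Ee][Bb][Uu][Gg]>#<Debug>false</Debug>#' \
        "$1"
}

# Convenience wrapper: report the state and fix it if needed. Path is an assumption.
audit_igateway_conf() {
    conf=${1:-/opt/CA/SharedComponents/iTechnology/igateway.conf}
    if igateway_debug_enabled "$conf"; then
        echo "diagnostic tracing enabled in $conf; disabling" >&2
        igateway_disable_debug "$conf"
    fi
}
```

After changing the file the iGateway service must be restarted for the new value to take effect, and the upgrade to 4.0.050615 remains the real fix; the configuration change only removes the reachable code path.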

OpenSSL

Under some conditions, OpenSSL may be vulnerable to a man-in-the-middle
attack that would cause the client and the server to fall back to the insecure
SSL 2.0 protocol. SSL 2.0 is known to have cryptographic weaknesses that may
be exploitable to recover plain-text information from the encrypted data. The
OpenSSL library implements the Secure Sockets Layer and Transport Layer Security
protocols as well as general-purpose cryptographic functions.

New OpenSSL packages have been released for Ubuntu Linux versions 4.10, 5.04,
and 5.10. Users of other distributions should watch their vendors for an updated
package.

XMail

XMail, an email server available for multiple Unix-based platforms and
Microsoft Windows, is reported to contain a buffer overflow in the
AddressFromAtPtr() function that may be exploited by a local attacker
and may result in arbitrary code being executed with root permissions. The
report specifies that the vulnerability was found in version 1.21 of XMail.

XMail should be upgraded to version 1.22 as soon as possible.

uw-imap

uw-imap is an IMAP mail server distributed by the University of Washington.
A buffer overflow in the function mail_valid_net_parse_work() in uw-imap may
be exploitable by a remote but authenticated attacker and could result in arbitrary
code being executed with the authenticated attacker's permissions.

It is recommended that all users of uw-imap upgrade to version imap-2004g.

tcpdump

The network sniffer tcpdump is reported to be vulnerable to a denial-of-service
attack due to a bug in the code tcpdump uses to handle RT_ROUTING_INFO data
inside a BGP packet. A remote attacker could cause tcpdump to go into a loop
by sending a carefully constructed BGP packet.

Affected users should watch for a repaired version of tcpdump from their vendors.

weex

weex, a non-interactive FTP client, is reported to contain a format-string
vulnerability that could be exploitable to execute arbitrary code with the
victim's permissions.

Affected users should watch their vendors for a repaired version of weex.

graphviz

graphviz, a set of open source graph visualization tools, is vulnerable to
a symbolic-link race condition in its handling of temporary files that may be
abused to overwrite arbitrary files on the system with the victim's permissions.

Debian has released a repaired version of graphviz. Users of other distributions
should watch their vendors for updated graphviz packages.
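The defect class above, a predictable temporary-file name that a pre-planted symbolic link can redirect, is closed by creating the file atomically with an unguessable name. The block below is an added example, not graphviz code: it shows the safe creation pattern with mktemp(1), which opens the file with O_EXCL and mode 0600 so an existing link under the chosen name is never followed, plus a check that refuses to write into any temp path that is a symlink or is readable by others.

```shell
#!/bin/sh
# Added example: safe temporary-file handling in shell.
#
# Vulnerable pattern (do not use): a guessable name such as /tmp/graph.$$ that is
# then written with a plain redirection. If another local user has already placed
# a symlink at that name, the write follows it to whatever file the link points at.

# Create a temporary file atomically. The template must end in several X's; mktemp
# replaces them with random characters and fails rather than reusing an existing path.
make_tmpfile() {
    mktemp "${TMPDIR:-/tmp}/gvtmp.XXXXXX"
}

# Mode bits of a path in ls(1) notation, e.g. "rw-------" (portable across GNU/BSD).
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# Return 0 only if $1 is a regular file, not a symlink, with mode 0600.
# Note: [ -f ] alone is satisfied by a symlink to a regular file, hence the -L test.
tmpfile_is_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ "$(perm_string "$1")" = "rw-------" ]
}

# Write stdin to a freshly created temp file and print its path; refuse to
# proceed if the file does not pass the safety check.
write_tmp_output() {
    t=$(make_tmpfile) || return 1
    tmpfile_is_safe "$t" || { rm -f "$t"; return 1; }
    cat > "$t"
    echo "$t"
}
```

In C the equivalent is mkstemp(3) followed by writing through the returned descriptor rather than reopening the path by name; reopening by name reintroduces the window the race depends on.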

up-imapproxy

up-imapproxy is a proxy server for the IMAP protocol. It has been reported
to contain two format-string vulnerabilities, each of which may be
exploitable by a remote attacker to execute arbitrary code with the permissions
of the user account running up-imapproxy.

Debian has released a repaired package. Users of other distributions should
watch their vendors for a repaired version.

xloadimage and xli

Both the xloadimage and xli image utilities are vulnerable to buffer overflows
that may be exploitable by a local attacker and result in arbitrary code being
executed.

Affected users should watch their vendors for repaired versions.

Ruby

Ruby, an object-oriented scripting language, has a facility for running untrusted
code safely, either by setting a taint flag on an object or by running at a safe level.
A vulnerability has been discovered that can be exploited by an attacker to
bypass both the safe level and the taint flag.